<?php
/*
+-----------------------------------------------------------------------------+
| $Id: *.php 2009-08-18 08:41:22Z Bleakwind $
| Copyright (c) 2003-2010 Bleakwind (www.weaverdream.com)
| http://www.weaverdream.com/
+-----------------------------------------------------------------------------+
*/

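// Entry guard: this script is only meant to be included by the front controller,
// never requested directly.
if (!defined('ENTRY_INDEX')) {
    echo "<h1>Forbidden</h1><p>You don't have permission to access on this server.</p>";
    exit;
}

// Private-message "send" page of the member control panel.  The operation is
// selected by ?ope= :
//   save  - validate the posted form, resolve the recipient and store the message
//           in both the inbox (DB_TABLE_PM_IN) and the outbox (DB_TABLE_PM_OUT)
//   reply - load inbox message ?piid= so the template can pre-fill a reply
//   send  - load member ?mid= so the template can pre-fill the recipient
// Everything read from $sys->get / $sys->post is untrusted request input.

// A recipient may be given either as an e-mail address ...
$pm_email_pattern = "/^[a-z0-9-_\.]+@([a-z0-9][a-z0-9-]*\.)+[a-z]{2,4}$/i";
// ... or as a user name, which may not contain any of these ASCII ranges
// (punctuation, whitespace, control characters, quotes, backslash, ...).
$pm_username_bad_pattern = "/[\x01-\x2E]|[\\x2F]|[\x3A-\x40]|[\x5B-\x5E]|[\x60]|[\x7B-\x7F]/";

if ($sys->get['ope'] == "save") {
    $pm_to      = isset($sys->post['to'])      ? $sys->post['to']      : "";
    $pm_subject = isset($sys->post['subject']) ? $sys->post['subject'] : "";
    $pm_content = isset($sys->post['content']) ? $sys->post['content'] : "";

    $pm_to_is_email    = preg_match($pm_email_pattern, $pm_to) === 1;
    $pm_to_width       = mb_strwidth($pm_to, "UTF-8");
    $pm_to_is_username = $pm_to_width >= 4
                         && $pm_to_width <= 16
                         && !preg_match($pm_username_bad_pattern, $pm_to);

    if ($pm_to == "" || $pm_subject == "" || $pm_content == "") {
        $sys->cp_prompt("failed", $LANGUAGE['s']['cp_pm_send']['send_form_empty']);
    } elseif (!$pm_to_is_email && !$pm_to_is_username) {
        $sys->cp_prompt("failed", $LANGUAGE['s']['cp_pm_send']['send_to_error']."<!-- to error -->");
    } elseif (strlen($pm_subject) > $CONFIG['max_pm_subject']) {
        // Limits are compared in bytes (strlen), matching how the rest of the
        // code base treats max_pm_subject / max_pm_content.
        $sys->cp_prompt("failed", $LANGUAGE['s']['cp_pm_send']['send_subject_error']."<!-- subject error -->");
    } elseif (strlen($pm_content) > $CONFIG['max_pm_content']) {
        $sys->cp_prompt("failed", $LANGUAGE['s']['cp_pm_send']['send_content_error']."<!-- content error -->");
    } else {
        // Resolve the recipient.  $pm_to has already passed the whitelist above
        // (neither form admits a quote or backslash), but escape it anyway so the
        // lookup does not depend on that invariant staying true.
        $pm_to_escaped = addslashes($pm_to);
        if ($pm_to_is_email) {
            $to_id = func::db_select(DB_TABLE_MEMBER, "id", "email='".$pm_to_escaped."'");
        } else {
            $to_id = func::db_select(DB_TABLE_MEMBER, "id", "username='".$pm_to_escaped."'");
        }

        if (empty($to_id)) {
            $sys->cp_prompt("failed", $LANGUAGE['s']['cp_pm_send']['send_to_not_exist']."<!-- to not exist -->");
        } else {
            $pm_to_id   = (int)$to_id[0]['id'];
            $pm_from_id = (int)$MEMBER['id'];

            // Point bookkeeping for sending a PM; a failed update is reported
            // but does not stop the message from being stored.
            if ((int)$MEMBER['point'] > (int)$CONFIG['point_group']['point_min']) {
                $sql_data = array(
                    "point" => "point+".(int)$CONFIG['point_group']['pm_send'],
                );
                $result = func::db_update(DB_TABLE_MEMBER, $sql_data, "id=".$pm_from_id);
                if (!$result) {
                    $ajax_response->alert($LANGUAGE['s']['post']['update_member_point_pm_send_error']);
                }
            }

            // The same row is written to the inbox and the outbox.  Text columns
            // are escaped with addslashes() as elsewhere in this code base; a
            // prepared statement would be the better choice if $db supports one.
            $pm_set = "subject   ='".addslashes($pm_subject)."',
                       content   ='".addslashes($pm_content)."',
                       fid       =".$pm_from_id.",
                       tid       =".$pm_to_id.",
                       mid       =".$pm_from_id.",
                       if_read   =0,
                       time      =".$sys->nowtime;
            foreach (array(DB_TABLE_PM_IN, DB_TABLE_PM_OUT) as $pm_table) {
                $sql = "INSERT INTO ".$pm_table." SET ".$pm_set;
                if (!$db->Execute($sql)) {
                    echo $db->ErrorMsg();
                }
            }
            $sys->cp_prompt("succeed", $LANGUAGE['s']['cp_pm_send']['send_succeed'], $CONFIGURE['common']['control_index']."?act=cp_pm_send");
        }
    }
} elseif ($sys->get['ope'] == "reply") {
    $pm_piid = isset($sys->get['piid']) ? $sys->get['piid'] : "";
    if (!preg_match("/^[0-9]+$/", $pm_piid)) {
        $sys->prompt("failed", $LANGUAGE['s']['cp_pm_send']['reply_piid_error']."<!-- piid error -->");
    } else {
        // Stays empty when the message does not exist or the query fails, so the
        // template always receives a defined value.
        $cp_pm_send_reply = array();

        // Only a message addressed to the logged-in member (tid) can be loaded
        // for reply; without that filter any inbox row could be read by id.
        $sql = "SELECT pi.*
                FROM ".DB_TABLE_PM_IN." pi
                WHERE pi.id=".(int)$pm_piid."
                  AND pi.tid=".(int)$MEMBER['id'];
        $result = $db->Execute($sql);
        if (!$result) {
            echo $db->ErrorMsg();
        } elseif (!$result->EOF) {
            $member_info = $sys->return_member($result->fields['fid'], array("id", "username"));

            $cp_pm_send_reply = array(
                'id'         => $result->fields['id'],
                'subject'    => $result->fields['subject'],
                'content'    => $result->fields['content'],
                'fid'        => $result->fields['fid'],
                'tid'        => $result->fields['tid'],
                'mid'        => $result->fields['mid'],
                'if_read'    => $result->fields['if_read'],
                'time'       => $result->fields['time'],
                'm_id'       => $member_info['m_id'],
                'm_username' => $member_info['m_username'],
            );
        }

        $t->assign(array(
            "cp_pm_send_reply" => $cp_pm_send_reply,
            "page"             => $bwpage->page_current,
        ));
    }
} elseif ($sys->get['ope'] == "send") {
    $pm_mid = isset($sys->get['mid']) ? $sys->get['mid'] : "";
    if (!preg_match("/^[0-9]+$/", $pm_mid)) {
        $sys->prompt("failed", $LANGUAGE['s']['cp_pm_send']['send_mid_error']."<!-- mid error -->");
    } else {
        // Cast after the digit check so a trailing newline accepted by "$" cannot
        // reach the member lookup.
        $member_info = $sys->return_member((int)$pm_mid, array("id", "username"));
        $t->assign(array(
            "cp_pm_send_to" => $member_info,
            "page"          => $bwpage->page_current,
        ));
    }
}

// Breadcrumb entries for the page header.
$public_var['page_place'][] = $LANGUAGE['s']['cp_pm_send']['page_place_upper'];
$public_var['page_place'][] = $LANGUAGE['s']['cp_pm_send']['page_place'];
?>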
